File Name: modeling in event b system and software engineering .zip

Size: 14741Kb

Published: 02.06.2021


- Automatic Generation of DistAlgo Programs from Event-B Models
- Modelling and Validating an Automotive System in Classical B and Event-B
- Modeling in Event-B - System and Software Engineering


## Automatic Generation of DistAlgo Programs from Event-B Models


Modeling in Event-B. A practical text suitable for an introductory or advanced course in formal methods, this book presents a mathematical approach to modeling and designing systems using an extension of the B formalism: Event-B. Readers will learn how to build models of programs and, more generally, discrete systems, but this is all done with practice in mind.

The numerous examples provided arise from various sources of computer system developments, including sequential programs, concurrent programs, and electronic circuits. Each of the examples included in the book has been proved using the Rodin Platform tool set, which is available free for download at www.

This publication is in copyright. Subject to statutory exception and to the provision of relevant collective licensing agreements, no reproduction of any part may take place without the written permission of Cambridge University Press. First published in print format. ISBN eBook (NetLibrary); ISBN Hardback. Cambridge University Press has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this publication, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Contents: Prologue: Faultless systems — yes we can! (page xi); Acknowledgments (page xxv); 1 Introduction (page 1).

Prologue: Faultless systems — yes we can!

This title is certainly provocative. We all know that this claim corresponds to something that is impossible. We cannot construct faultless systems; just have a look around.

If it were possible, it would have been done a long time ago. So, how can we imagine the contrary? We might think: yet another guru trying to sell us his latest universal panacea. The intention is just to remind you of a few simple facts and ideas that you might use if you wish to do so. The idea is to play the role of someone who is faced with a terrible situation (yes, the situation of computerized system development is not far from being terrible; as a measure, just consider the money thrown out of the window when systems fail).

Faced with a terrible situation, we might decide to change things in a brutal way; it never works. Another approach is to gradually introduce some simple features that together will eventually result in a global improvement of the situation.

The latter is the philosophy we will use here. But, you say, lots of industries have such documents; they already exist, so why bother?

Well, it is my experience that most of the time, requirements documents that are used in industry are very poor; it is often very hard just to understand what the

(Footnote: Jean-Raymond Abrial. Faultless Systems: Yes We Can! Computer, 42(9):30–36, September. Reproduced with permission.)

People too often justify the appropriateness of their requirements document by the fact that they use some expensive tools!

I strongly recommend that a requirements document is rewritten along the simple lines presented in this section. Such a document should be made up of two kinds of texts embedded in each other: the explanatory text and the reference text. The former contains the explanations needed to understand the problem at hand. However, they must be self-contained and thus constitute a unique reference for correctness. Such an environment is made of some pieces of equipment, some physical varying phenomena, other pieces of software, as well as system users.

However, quite often after the writing of such a document, people rush into the programming phase and we know very well what the outcome is.

What is needed is an intermediate phase to be undertaken before programming; this is the purpose of what is explained in the next section. Our intention is not to do that. What we intend to build is a system within which there is a certain piece of software (the one we shall construct), which is a component among many others.

This is the reason why our task is not limited to the software part only. In doing this as engineers, we are not supposed to instruct a computer; rather, we are supposed to instruct ourselves. To do this in a rigorous way, we have no choice but to build a complete model of our future system, including the software that will eventually be constructed, as well as its environment, which, again, is made of equipment, varying physical phenomena, other software, and even users.

Programming languages are of no help in doing this. All this has to be carefully modeled so that the exact assumptions within which our software is going to behave are known. Modeling is the main task of system engineers. Programming then becomes a subtask which might very well be performed automatically. Computerized system modeling has been done in the past, and still is, with the help of simulation languages such as SIMULA (the ancestor of object-oriented programming languages).

What we propose here is also to perform a simulation, but rather than doing it with the help of a simulation language, the outcome of which can be inspected and analyzed, we propose to do it by constructing mathematical models which will be analyzed by doing proofs. Physicists or operational researchers proceed in this way. We will do the same. Since we are not instructing a computer, we do not have to say what is to be done, we have rather to explain and formalize what we can observe.

But immediately comes the question: how can we observe something that does not yet exist? The answer to this question is simple: it certainly does not exist yet in the physical world, but, for sure, it exists in our minds. In order to perform this joint task of simulation and proofs, we use a simple formalism, that of discrete transition systems.

In other words, whatever the modeling task we have to perform, we always represent the components of our future systems by means of a succession of states intermixed with sudden transitions, also called events. Each of these activities is a discrete transition system, working on its own and communicating with others. They are together embarked on the distributed activities of the system as a whole. This is the way we would like to do our modeling task.

It happens that this very simple paradigm is extremely convenient. In particular, the proving task is partially performed by demonstrating that the transitions of each component preserve a number of desired global properties which must be permanently obeyed by the states of our components. These properties are the so-called invariants. Most of the time, these invariants are transversal properties involving the states of multiple components in our system.

The corresponding proofs are called the invariant preservation proofs.

States and events

As seen in the previous section, a discrete transition component is made of a state and some transitions.

Let us describe this here in simple terms. By putting all this together, a state can be simply abstracted to a set. Exercises: What is the state of the discrete system of a human being able to press a button? What is the state of the discrete system of a motor being able to start and stop?

Taking this into account, an event can be abstracted to a simple binary relation built on the state set. A better notation consists in splitting an event into two parts: the guards and the actions. A guard is a predicate and all the guards conjoined together in an event form the domain of the corresponding relation. An action is a simple assignment to a state variable. Variables that are not assigned are unchanged.

Exercises: What are the events of the discrete system of a human being able to press a button? What are the events of the discrete system of a motor being able to start and stop? What is the possible relationship between both these systems? At this stage, we might be slightly embarrassed and discover that it is not so easy to answer the last question. In fact, to begin with, we have not followed our own prescriptions! In doing this, we might have discovered that this relationship between the motor and the button is not that simple after all.

Here are some questions that might come up: do we need a single button or several of them? Is the latter a good idea? In the case of several buttons, what can we observe if the start button is pressed while the motor is already started?

In this case, do we have to release the button to re-start the motor later? And so on. Now, how about putting a piece of software between the two? It has to be done in successive steps. Our mathematical model is done using the set-theoretic notation to write down the state invariants and the transitions. We can strengthen the guards of an event or add new guards. We also add new actions in an event. Finally, it is possible to add new events.
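As an added illustration (this is not the book's own model or notation), the button/motor exercises above written as a small discrete transition system in Python: each event is a guard plus an action, the reachable states are explored exhaustively, and the invariant preservation obligation (invariant and guard before the event imply the invariant after it) is checked both for a naive model and for one where a new action has been added to an existing event, as in the refinement steps just described. The two state variables, the four events and the invariant are constructed assumptions for this example.

```python
from typing import Callable, Dict, List, Set, Tuple

# State abstracted to a set of (button_pressed, motor_running) pairs;
# these two variables are an assumption made for this example.
State = Tuple[bool, bool]
Event = Tuple[Callable[[State], bool], Callable[[State], State]]  # (guard, action)

INITIAL: State = (False, False)

def invariant(s: State) -> bool:
    # Transversal property across both components (constructed requirement):
    # the motor may only run while the button is held down.
    button, motor = s
    return button or not motor

# Naive model: each action assigns only the variable it mentions; the other
# variable is unchanged, exactly as the guard/action notation prescribes.
NAIVE: Dict[str, Event] = {
    "press":   (lambda s: not s[0],          lambda s: (True, s[1])),
    "release": (lambda s: s[0],              lambda s: (False, s[1])),
    "start":   (lambda s: s[0] and not s[1], lambda s: (s[0], True)),
    "stop":    (lambda s: s[1],              lambda s: (s[0], False)),
}

# Refinement step of the kind described above: a new action is added to an
# existing event, so releasing the button now also stops the motor.
REFINED: Dict[str, Event] = dict(NAIVE, release=(lambda s: s[0], lambda s: (False, False)))

def reachable_states(initial: State, events: Dict[str, Event]) -> Set[State]:
    """Exhaustively follow enabled events (guard true) from the initial state."""
    seen, todo = {initial}, [initial]
    while todo:
        s = todo.pop()
        for guard, action in events.values():
            if guard(s):
                t = action(s)
                if t not in seen:
                    seen.add(t)
                    todo.append(t)
    return seen

def preservation_violations(initial, events, inv) -> List[Tuple[str, State, State]]:
    """Invariant preservation: inv(s) and guard(s) must imply inv(action(s)).

    Returns every (event, before, after) triple that breaks this obligation
    from a reachable state; an empty list means all events preserve inv."""
    bad = []
    for s in sorted(reachable_states(initial, events)):
        for name, (guard, action) in events.items():
            if inv(s) and guard(s) and not inv(action(s)):
                bad.append((name, s, action(s)))
    return bad

if __name__ == "__main__":
    print("naive:", preservation_violations(INITIAL, NAIVE, invariant))
    print("refined:", preservation_violations(INITIAL, REFINED, invariant))
```

The naive model reports exactly one failing transition (releasing the button while the motor runs), which is the "what happens if we release the button" question from the exercise; the refined model reports none.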

As a result, we no longer enter new details of the problem into the model; rather, we transform some states and transitions of our discrete system so that it can easily be implemented on a computer. This can often be performed by a semi-automatic tool.

Communication and proofs

A very important aspect of the modeling task is concerned with the communication between the various components of the future system.

This is because the messages between the components

Being faultless: what does it mean?

If a program controlling a train network is not developed to be correct by construction, then, after writing it, we can certainly never prove that this program will guarantee that two trains will never collide.

It is too late. It seems that there is considerable confusion here as people do not make any clear distinction between the two.

## Modelling and Validating an Automotive System in Classical B and Event-B


Cambridge University Press. Modeling in Event-B: System and Software Engineering. Jean-Raymond Abrial. Frontmatter.

## Modeling in Event-B - System and Software Engineering

We have modelled parts of the ABZ automotive case study using the B-method. For the early phases of modelling we have used the classical B for software, while for proof we have used Event-B and Rodin. Moreover, for one particular style of modelling, the result can then be translated to superposition refinement with event extension in Event-B.

*So, 30 years separate Z from Event-B. It is thus clear that I spent a significant time of my scientific professional life working with the same kind of subject in mind, roughly speaking specification languages. I do not know whether this kind of addiction is good or bad, but what I know is that I enjoyed it a lot.*

Modeling in Event-B: System and Software Engineering provides a comprehensive exposition of the Event-B approach for modeling and reasoning about systems. The mathematical language and the proof method of Event-B are introduced. Through a series of realistic case studies, the important modeling and reasoning concepts are explained. Many of these case studies are inspired from the author's industrial experience and include control systems, communications protocols, distributed algorithms and digital circuits. The book can be used for an introductory course on formal modeling and reasoning and can be used for an advanced course involving more complex data structures and automated proof.

The B method is a method of software development based on B, a tool-supported formal method based on an abstract machine notation, used in the development of computer software.

A practical text suitable for an introductory or advanced course in formal methods, this book presents a mathematical approach to modelling and designing.


